Wana Decryptor hits hard

The last 24 hours have been anything but exciting, as country after country has reported massive ransomware attacks. Most notable are the NHS (National Health Service) in the UK and Telefonica in Spain. The sad part of the story is that this vulnerability was patched by Microsoft back in March…

The vulnerability in question, or rather the exploit they used, is EternalBlue, which was part of the leaked NSA toolkit that The Shadow Brokers recently released (see Vault 7, part 2 for some details). It uses a bug in the SMBv1 protocol – one that should have been patched.

One alarming issue is that ~90% of NHS computers are still running Windows XP, which is no longer supported, and hasn't been for a few years actually… Pretty lousy IT strategy if you ask me… Others who are running still-supported versions of Windows and have yet to roll out the patches from March should be ashamed. If they take their IT security this lightly, I’m not going to be surprised if many of these companies are without adequate backups either.

Luckily one engineer at MalwareTech discovered the URL that WCry (Wana Decryptor) sends a GET request to in order to check whether it exists. If it doesn’t exist, the ransomware will start to delete the encrypted files if no money has been transferred. This engineer registered the URL, not knowing at the time that it would stop the files from being deleted, and I guess quite a lot of people are sending him “thank you!” emails right now… 😉

Not running the latest patches?

So what to do if you suspect you aren’t running the latest patches? Disable SMBv1. Read this on how to disable it: https://support.microsoft.com/kb/2696547 And update Windows!

This should also give an idea of the shady business NSA, CIA, GCHQ etc. are doing. This time we knew in advance and were trying to fix the vulnerabilities. Still, so many got caught with their pants down… If The Shadow Brokers hadn’t released their NSA hack, we would all still be vulnerable – and if these criminals had discovered this SMBv1 vulnerability themselves, then we all would’ve surely been fu…. This is why we report bugs when we find them!

Update: If you’re still running Windows XP (or any other unsupported version) after this awakening and still haven’t found a way...
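The SMBv1 mitigation the post points to, as an added PowerShell example that is not from the original post: it checks whether SMBv1 is enabled, turns it off, and lists recently installed updates so you can see whether the March patches ever arrived. It assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or newer for the Smb* and WindowsOptionalFeature cmdlets; the registry and sc.exe steps at the end are the KB 2696547 method for older builds.

```powershell
# Added example, not code from the original post. Run as Administrator.

# 1. Is the SMBv1 server side still on? (Windows 8 / Server 2012 and later)
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol

# 2. Turn SMBv1 off on the server side. New SMB sessions will negotiate SMBv2/3 only.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 3. On Windows 8.1 / 10, remove the SMB1 optional component entirely (reboot required).
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | Select-Object State
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# 4. Windows 7 / Server 2008 R2 equivalent, taken from the KB 2696547 article.
#    Server side: SMB1 = 0 under the LanmanServer parameters key.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" `
    -Name SMB1 -Type DWORD -Value 0 -Force
#    Client side: drop the SMB1 redirector (mrxsmb10) from the workstation dependencies
#    and stop it from starting. Reboot afterwards.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

# 5. Sanity check on patch level: anything installed since March? An empty list here
#    means the fixes the post talks about never made it onto this machine.
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge (Get-Date '2017-03-01') } |
    Sort-Object InstalledOn |
    Select-Object HotFixID, Description, InstalledOn
```

Re-run step 1 (or `sc.exe query mrxsmb10` after the reboot on older builds) to confirm the change stuck before trusting it.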

Car hacking – myth, fantasy or reality?

I was recently asked by an investigative reporter if there were any cars that were safe from hacking, and apart from suggesting an old Volvo 142 I wasn’t able to give him a simple answer, because I haven’t really researched this area properly. We’ve all seen reports in the media about how some cars are/were vulnerable to mostly physical attacks, but in a few rare cases there were a...

Vault 7, Year Zero part 2.

We’ve so far had a total of five releases from Wikileaks under the name of “Vault 7”, and although it’s all pretty much just documentation, one can still work out the innards and their impact. Most of it is old hacks and technologies, but some were still current – as we saw when the likes of Microsoft and Apple quickly released large patches in order to fix some of the most...

Vault 7, Year Zero

Unless you live under a rock, you could not have missed the headlines in the news stating that a bunch of documents and hacking tools, stolen from the CIA, had been handed over to Wikileaks, who have now released the first part in a partly censored form. It was censored to hide the identities of the CIA staff, but also censored in order not to spread the actual tools of the trade that allowed the likes of the CIA, GCHQ...

Internet of Things, Distributed Denial of Service – botnet script kiddies or more sinister players?

I doubt anyone missed the massive outage a few days ago when Dyn’s DNS service was rendered useless by a massive DDoS attack. What made it worse is that many of the big players (Twitter, PSN, GitHub etc.) had put all their eggs in the same basket and had no alternate DNS, and thus disappeared from the internet. I for one...